[llvm-dev] Interpreter crash due to an "Unknown constant pointer type!"

Alberto Barbaro via llvm-dev llvm-dev at lists.llvm.org
Fri Jan 3 07:04:21 PST 2020


David,
sorry for this email but I noticed I made a mistake in the previous one. So
I managed to compile llvm Debug with asserts release. I have used the
following commands:

cmake -DLLVM_TARGETS_TO_BUILD=X86 -DLLVM_ENABLE_RTTI=ON -DLLVM_ENABLE_FFI=ON -DCMAKE_BUILD_TYPE=Debug -DLLVM_ENABLE_ASSERTIONS=ON ..
cmake --build . -- -j8 && sudo cmake --build . --target install

Once lli was installed it was enough to use the .bc

/usr/local/bin/lli --debug --force-interpreter pngpixel_crash.bc 0 0 mini.png
...
png_ptr->width: 1
max_pixel_depth: 24
row_bytes: 28
...
About to interpret:   store <2 x %struct.code*> <%struct.code*
getelementptr inbounds ([512 x %struct.code], [512 x %struct.code]*
@fixedtables.lenfix.681, i64 0, i64 0), %struct.code* getelementptr
inbounds ([32 x %struct.code], [32 x %struct.code]*
@fixedtables.distfix.682, i64 0, i64 0)>, <2 x %struct.code*>* %96, align
8, !tbaa !50
Unknown constant pointer type!
UNREACHABLE executed at
/home/al/llvm-9.0.0.src/lib/ExecutionEngine/ExecutionEngine.cpp:1008!
Stack dump:
0. Program arguments: /usr/local/bin/lli --force-interpreter
pngpixel_crash.bc 0 0 mini.png
 #0 0x0000564bad642af9 llvm::sys::PrintStackTrace(llvm::raw_ostream&)
/home/al/llvm-9.0.0.src/lib/Support/Unix/Signals.inc:533:0
 #1 0x0000564bad642b8c PrintStackTraceSignalHandler(void*)
/home/al/llvm-9.0.0.src/lib/Support/Unix/Signals.inc:594:0
 #2 0x0000564bad640a66 llvm::sys::RunSignalHandlers()
/home/al/llvm-9.0.0.src/lib/Support/Signals.cpp:68:0
 #3 0x0000564bad6424b0 SignalHandler(int)
/home/al/llvm-9.0.0.src/lib/Support/Unix/Signals.inc:385:0
 #4 0x00007f697df61890 __restore_rt
(/lib/x86_64-linux-gnu/libpthread.so.0+0x12890)
 #5 0x00007f697ca0ae97 raise
/build/glibc-OTsEL5/glibc-2.27/signal/../sysdeps/unix/sysv/linux/raise.c:51:0
 #6 0x00007f697ca0c801 abort
/build/glibc-OTsEL5/glibc-2.27/stdlib/abort.c:81:0
 #7 0x0000564bad5ce768 bindingsErrorHandler(void*,
std::__cxx11::basic_string<char, std::char_traits<char>,
std::allocator<char> > const&, bool)
/home/al/llvm-9.0.0.src/lib/Support/ErrorHandling.cpp:218:0
 #8 0x0000564bacfc2e5a
llvm::ExecutionEngine::getConstantValue(llvm::Constant const*)
/home/al/llvm-9.0.0.src/lib/ExecutionEngine/ExecutionEngine.cpp:1013:0
 #9 0x0000564bacfeb873 llvm::Interpreter::getOperandValue(llvm::Value*,
llvm::ExecutionContext&)
/home/al/llvm-9.0.0.src/lib/ExecutionEngine/Interpreter/Execution.cpp:2108:0
#10 0x0000564bacfe548a llvm::Interpreter::visitStoreInst(llvm::StoreInst&)
/home/al/llvm-9.0.0.src/lib/ExecutionEngine/Interpreter/Execution.cpp:1105:0
#11 0x0000564bacfee32f llvm::InstVisitor<llvm::Interpreter,
void>::visitStore(llvm::StoreInst&)
/home/al/llvm-9.0.0.src/include/llvm/IR/Instruction.def:173:0
#12 0x0000564bacfed18d llvm::InstVisitor<llvm::Interpreter,
void>::visit(llvm::Instruction&)
/home/al/llvm-9.0.0.src/include/llvm/IR/Instruction.def:173:0
#13 0x0000564bacfebd7b llvm::Interpreter::run()
/home/al/llvm-9.0.0.src/lib/ExecutionEngine/Interpreter/Execution.cpp:2161:0
#14 0x0000564bacfd6bdc llvm::Interpreter::runFunction(llvm::Function*,
llvm::ArrayRef<llvm::GenericValue>)
/home/al/llvm-9.0.0.src/lib/ExecutionEngine/Interpreter/Interpreter.cpp:101:0
#15 0x0000564bacfbfb94
llvm::ExecutionEngine::runFunctionAsMain(llvm::Function*,
std::vector<std::__cxx11::basic_string<char, std::char_traits<char>,
std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char> > > > const&, char const*
const*)
/home/al/llvm-9.0.0.src/lib/ExecutionEngine/ExecutionEngine.cpp:470:0
#16 0x0000564bac794cc4 main /home/al/llvm-9.0.0.src/tools/lli/lli.cpp:614:0
#17 0x00007f697c9edb97 __libc_start_main
/build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:344:0
#18 0x0000564bac791a9a _start (/usr/local/bin/lli+0x110aa9a)
[1]    12828 abort (core dumped)  /usr/local/bin/lli --force-interpreter
pngpixel_crash.bc 0 0 mini.png

So I'm certain that the crash happened
in ExecutionEngine::getConstantValue.

In addition, I have noticed that ElemTy->getTypeID() is 15 (pointer type
of type struct.code) but the switch branch (Line 917) is not able to
deal with it so the llvm_unreachable instruction is reached.

So I can conclude that the problem is that the switch branch is not able to
deal with pointers. Any suggestion on how to fix it please?

Does it help to narrow down the problem?

Thanks


On Fri, Jan 3, 2020 at 11:28, Alberto Barbaro <
barbaro.alberto at gmail.com> wrote:

> David,
> Using llvm 9 the crash is not present anymore. I think it was just time
> for me to update my code...
>
> Thanks for your help
>
> Alberto
>
> On Tue, Dec 24, 2019, 21:16 Alberto Barbaro <barbaro.alberto at gmail.com>
> wrote:
>
>> Hi David,
>> I'm pretty sure that the crash is due to the instruction I have shared in
>> my first email. In order to run pngpixel you just need libpng and zlib.
>> Honestly, I thought that the .bc had all that was necessary. I'm happy to help you
>> to reproduce it. As a curiosity, why do you think you cannot reproduce it?
>>
>> Unfortunately I won't be able to modify the interpreter soon. Anyway,
>> I'll try to dump as much info as possible.
>>
>> Thanks
>> Alberto
>>
>>
>> On Tue, Dec 24, 2019, 22:09 David Blaikie <dblaikie at gmail.com> wrote:
>>
>>> I can't reproduce it (just because of other local differences that lead
>>> to failures before it reaches this point, not because it passes for me or
>>> anything)
>>>
>>> I'd suggest you hop in with a debugger and/or modify the interpreter to
>>> print more information at that unreachable - to see what sort of type you
>>> do have & maybe then it'll be more clear what should be done with that
>>> type, or why it's a weird type, etc.
>>>
>>> On Thu, Dec 19, 2019 at 11:32 AM Alberto Barbaro <
>>> barbaro.alberto at gmail.com> wrote:
>>>
>>>> Hi David,
>>>> Thanks for the suggestions. I can definitely provide the example bc
>>>> file and image ( please see the attachments ). For the debug + asserts I
>>>> need a bit of more time.
>>>>
>>>> Anyway the full output of lli is:
>>>>
>>>> lli --force-interpreter examples/pngpixel_crash.bc 0 0
>>>> examples/mini.png
>>>> png_ptr->width: 1
>>>> max_pixel_depth: 24
>>>> row_bytes: 28
>>>> Unknown constant pointer type!
>>>> UNREACHABLE executed at
>>>> /home/al/Desktop/llvm-6.0.1.src/lib/ExecutionEngine/ExecutionEngine.cpp:1007!
>>>> LLVMSymbolizer: error reading file: No such file or directory
>>>> #0 0x0000000001765ee9 (lli+0x1765ee9)
>>>> #1 0x0000000001766099 (lli+0x1766099)
>>>> #2 0x0000000001764643 (lli+0x1764643)
>>>> #3 0x0000000001766424 (lli+0x1766424)
>>>> #4 0x00007f5dc5fc7890 __restore_rt
>>>> (/lib/x86_64-linux-gnu/libpthread.so.0+0x12890)
>>>> #5 0x00007f5dc4a85e97 gsignal (/lib/x86_64-linux-gnu/libc.so.6+0x3ee97)
>>>> #6 0x00007f5dc4a87801 abort (/lib/x86_64-linux-gnu/libc.so.6+0x40801)
>>>> #7 0x00000000016d7150 (lli+0x16d7150)
>>>> #8 0x0000000001139543 (lli+0x1139543)
>>>> #9 0x00000000011500b8 (lli+0x11500b8)
>>>> #10 0x000000000115c25d (lli+0x115c25d)
>>>> #11 0x0000000001167d32 (lli+0x1167d32)
>>>> #12 0x000000000116430d (lli+0x116430d)
>>>> #13 0x0000000001163580 (lli+0x1163580)
>>>> #14 0x000000000114e197 (lli+0x114e197)
>>>> #15 0x0000000001135ba0 (lli+0x1135ba0)
>>>> #16 0x00000000008c729d (lli+0x8c729d)
>>>> #17 0x00007f5dc4a68b97 __libc_start_main
>>>> (/lib/x86_64-linux-gnu/libc.so.6+0x21b97)
>>>> #18 0x00000000008c4f1a (lli+0x8c4f1a)
>>>> Stack dump:
>>>> 0. Program arguments: lli --force-interpreter
>>>> examples/pngpixel_crash.bc 0 0 examples/mini.png
>>>> [1]    4344 abort (core dumped)  lli --force-interpreter
>>>> examples/pngpixel_crash.bc 0 0 examples/mini.png
>>>>
>>>> Please let me know if you can reproduce it!!
>>>>
>>>> Thanks
>>>> Alberto
>>>>
>>>>
>>>> On Thu, Dec 19, 2019, 19:10 David Blaikie <dblaikie at gmail.com> wrote:
>>>>
>>>>> Probably need a debug (& probably +Asserts) build to see more about
>>>>> where it's failing & that might help you fix it - if you want other folks
>>>>> to be able to help debug the issue, providing the full reproduction steps
>>>>> (the entire input files, what commands were run, etc) - though, preferably,
>>>>> minimized (simplify the inputs/commands, etc, while still producing the
>>>>> failure)
>>>>>
>>>>> On Thu, Dec 19, 2019 at 11:06 AM Alberto Barbaro via llvm-dev <
>>>>> llvm-dev at lists.llvm.org> wrote:
>>>>>
>>>>>> Hi all,
>>>>>> as usual I'm playing with the Interpreter and unfortunately I hit a
>>>>>> crash. I have narrowed down the problem and the crash happens inside the
>>>>>> inflate function which is part of zlib and specifically at the instruction:
>>>>>>
>>>>>> store <2 x %struct.code*> <%struct.code* getelementptr inbounds ([512
>>>>>> x %struct.code], [512 x %struct.code]* @fixedtables.lenfix.681, i64 0, i64
>>>>>> 0), %struct.code* getelementptr inbounds ([32 x %struct.code], [32 x
>>>>>> %struct.code]* @fixedtables.distfix.682, i64 0, i64 0)>, <2 x
>>>>>> %struct.code*>* %96, align 8, !tbaa !46
>>>>>>
>>>>>> The output from lli is:
>>>>>>
>>>>>> Unknown constant pointer type!
>>>>>> UNREACHABLE executed at
>>>>>> /home/al/Desktop/llvm-6.0.1.src/lib/ExecutionEngine/ExecutionEngine.cpp:1007!
>>>>>> LLVMSymbolizer: error reading file: No such file or directory
>>>>>> #0 0x0000000001765ee9 (lli+0x1765ee9)
>>>>>> #1 0x0000000001766099 (lli+0x1766099)
>>>>>> #2 0x0000000001764643 (lli+0x1764643)
>>>>>> #3 0x0000000001766424 (lli+0x1766424)
>>>>>> #4 0x00007faade157890 __restore_rt
>>>>>> (/lib/x86_64-linux-gnu/libpthread.so.0+0x12890)
>>>>>> #5 0x00007faadcc15e97 gsignal
>>>>>> (/lib/x86_64-linux-gnu/libc.so.6+0x3ee97)
>>>>>> #6 0x00007faadcc17801 abort (/lib/x86_64-linux-gnu/libc.so.6+0x40801)
>>>>>> #7 0x00000000016d7150 (lli+0x16d7150)
>>>>>> #8 0x0000000001139543 (lli+0x1139543)
>>>>>> #9 0x00000000011500b8 (lli+0x11500b8)
>>>>>> #10 0x000000000115c25d (lli+0x115c25d)
>>>>>> #11 0x0000000001167d32 (lli+0x1167d32)
>>>>>> #12 0x000000000116430d (lli+0x116430d)
>>>>>> #13 0x0000000001163580 (lli+0x1163580)
>>>>>> #14 0x000000000114e197 (lli+0x114e197)
>>>>>> #15 0x0000000001135ba0 (lli+0x1135ba0)
>>>>>> #16 0x00000000008c729d (lli+0x8c729d)
>>>>>> #17 0x00007faadcbf8b97 __libc_start_main
>>>>>> (/lib/x86_64-linux-gnu/libc.so.6+0x21b97)
>>>>>> #18 0x00000000008c4f1a (lli+0x8c4f1a)
>>>>>>
>>>>>> Is there anyone that can help me to understand how to fix it? Even a
>>>>>> simple workaround for the moment would be enough!
>>>>>>
>>>>>> Thanks,
>>>>>> Alberto
>>>>>
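
A minimized reproducer for the failing store discussed in this thread, added here as an example and not taken from any message or from the LLVM tree. The `%struct.code` layout, the global names `@lenfix` and `@distfix`, and the file name `repro.ll` are stand-ins chosen for illustration; the IR uses the typed-pointer syntax of the LLVM 9 build shown above and is constructed to reach the same vector-constant path in `ExecutionEngine::getConstantValue`, with no dependency on libpng, zlib or an input image.

```llvm
; Constructed reproducer: a store of a constant <2 x pointer> vector, the same
; shape as the store in zlib's inflate() that the thread identifies.
;
; Assemble and run with the interpreter, as in the thread:
;   llvm-as repro.ll -o repro.bc
;   lli --force-interpreter repro.bc

; Stand-in for zlib's table entry type (assumed layout).
%struct.code = type { i8, i8, i16 }

; Stand-ins for @fixedtables.lenfix.681 and @fixedtables.distfix.682.
@lenfix  = internal global [512 x %struct.code] zeroinitializer, align 16
@distfix = internal global [32 x %struct.code] zeroinitializer, align 16

define i32 @main() {
entry:
  ; Slot for the two table pointers that the vectorized code writes at once.
  %slot = alloca <2 x %struct.code*>, align 16

  ; The operand is a constant vector whose element type is a pointer. The
  ; interpreter evaluates it through getOperandValue -> getConstantValue,
  ; the frames shown in the LLVM 9 stack dump.
  store <2 x %struct.code*> <%struct.code* getelementptr inbounds ([512 x %struct.code], [512 x %struct.code]* @lenfix, i64 0, i64 0), %struct.code* getelementptr inbounds ([32 x %struct.code], [32 x %struct.code]* @distfix, i64 0, i64 0)>, <2 x %struct.code*>* %slot, align 8

  ret i32 0
}
```

A file of this size can be attached to a bug report in place of the full `pngpixel_crash.bc`, and it can serve as a regression test once the interpreter handles pointer element types in constant vectors.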